Use
mysqli_real_escape_string()
instead.
You should get used to do simple research like this one: simply typing the error (
Call to undefined function mysql_real_escape_string()) in your favourite search engine would have brought you an immediate answer without having to wait for one of us in CP passing by and answering your question.